Prevent password query for SSH access on client side

Especially with automated scripts which establish SSH connections to external systems, the request for a password within the script is undesirable or leads to the script being blocked.

It is possible to simulate such password entries with the expect tool, but this is anything but secure. The best way is authentication via RSA keys, which must be entered as a public key in the target system in order to enable password-free access.

If you administrate many systems and have forgotten to import a public key into a target system, you end up with the problem of the blocked script again because a password query is initiated as a failover.

To prevent this, the -o BatchMode=yes parameter is simply passed to the SSH client. It is generally recommended to use this parameter as soon as ssh appears in a script. As a rule, however, it is not considered and prevents many a system from running automated processes.

A typical command-line will look like this:

ssh -o BatchMode=yes

If you use SSH indirectly via Rsync, this parameter can be used as follows:

rsync -av -e "ssh -o BatchMode=yes" /dst1